Thursday, August 12, 2010

Dangerous iPhone Exploit Code Goes Public

Via -

Minutes after Apple issued a security update Wednesday, the maker of a 10-day-old jailbreak exploit released code that others could put to use hijacking iPhones, iPod Touches and iPads.

"Comex," the developer of JailbreakMe 2.0,
posted source code for the hacks that leveraged two vulnerabilities in iOS and allowed iPhone owners to install unauthorized apps.

Apple patched the bugs earlier Wednesday.


"Impressive. And dangerous," said
Mikko Hypponen, chief research officer at antivirus company F-Secure, on Twitter early today of the exploit code.

It may not be long before comex's work is turned into a weapon for attacks that gain "root" access, or complete control, of iPhones and iPads.

"@comex thanks, using it to make malicious s*** now," bragged someone identified as "
MTWomg" on Twitter shortly after comex published the source code.

Noted Mac vulnerability researcher Dino Dai Zovi, co-author of
The Mac Hackers Handbook, chimed in with a warning of his own. "Now that @comex released his jailbreak source, any bets on how long before it is ported to Metasploit?" Dai Zovi tweeted Wednesday.


Also possibly at risk: Mac OS X. Like iOS, Apple's desktop operating system includes the FreeType font engine, which may be vulnerable to the same or a similar exploit.

No comments:

Post a Comment